1
00:00:02,390 --> 00:00:04,390
This is it for this module,

2
00:00:04,400 --> 00:00:10,730
the two most important attack patterns or vulnerabilities I want you to take away from it are these

3
00:00:10,730 --> 00:00:16,380
two - security details in your code which you expose accidentally and cross site scripting attacks.

4
00:00:16,400 --> 00:00:23,180
These are the Javascript specific attack patterns whereas the CSRF pattern works with any language

5
00:00:23,180 --> 00:00:29,230
on the backend and with no Javascript code in the frontend and causes a general security concept but

6
00:00:29,240 --> 00:00:35,840
two leftmost holes, security holes are the important ones you might have in your application.

7
00:00:35,840 --> 00:00:40,640
If you expose code there, all your Javascript code is always readable by anyone,

8
00:00:40,670 --> 00:00:42,520
that's something you have to keep in mind,

9
00:00:42,590 --> 00:00:49,130
exposing important information in your Javascript code allows anyone to read and abuse it and cross

10
00:00:49,130 --> 00:00:55,850
site scripting attacks allows users to prepare data or prepare links which all visitors of your page

11
00:00:55,850 --> 00:00:58,190
might then see and if that data,

12
00:00:58,190 --> 00:01:04,430
this prepared data, contains scripts that executes, then for all visitors of your page, these scripts

13
00:01:04,490 --> 00:01:12,380
will execute and can do dangerous stuff, like read personal data, send malicious requests with user data

14
00:01:12,410 --> 00:01:15,200
to some malicious servers and so on,

15
00:01:15,200 --> 00:01:19,070
so you definitely need to protect against these two security holes,

16
00:01:19,070 --> 00:01:25,820
for example by sanitizing output by using text content instead of innerHTML and by not leaving any

17
00:01:25,820 --> 00:01:28,430
important data in your Javascript code.